Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.

I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.

But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:

To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.

…

I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.

His conference presentations will also discuss possible hardware and software solutions.

For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.

I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.

The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.

Kaminsky is not discussing DNS this year, judging by the agendas.

The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.

For those that don’t understand binary, it sounds feasible. Fortunately (or unfortunately) there is no such danger from this new buzzword of pseudo-security concern. Computer bits don’t flip at random, there are parity mechanisms in place to correct such errors or else we’d find ourselves land in the wrong side of the world every few clicks of the browser. The “concept” would have worked nicely in the early days of tube computers though 😀

You are fucking damn wrong. Most desktop computers don’t have ECC memory (IMO not having ECC almost everywhere is one of the most stupid and almost criminally dangerous decision the computer industry did) and google (and prolly others) shown that even machines that seems to work well sometimes exhibit random flip behavior (in the very long run).

So in a gigantic pool of computer like Internet is, it’s obvious that this will sometimes happen.

Valid point — so basically this is a low probability request redirection that possibly malicious. SSL layer should still protect sensitive information but this vulnerability combined with a browser exploit could be very dangerous.